PDF(1.5 MB) View with Adobe Reader on a variety of devices
ePub(1.5 MB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(564.1 KB) View on Kindle device or Kindle app on multiple devices
Updated:December 13, 2018
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Management Access Method Profile Rules Configuration on Sx500 Series Stackable Switches
Access profiles act as another layer of security for the switch. Access profiles can contain up to 128 rules to increase security. Each rule contains an action and a criteria. If the incoming packet matches the rule and the access method matches the management method, the action is performed. If the packet does not match a rule in the access profile, the packet is dropped. If the access method does not match the management method, the switch generates a SYSLOG message to notify the network administrator of the failed attempt.
This article explains how to configure profile rules on the Sx500 Series Stackable Switches.
Note: To configure access profile rules you need to configure access profiles refer to Management Access Authentication Setup on Sx500 Series Switches.
• Sx500 Series Stackable Switches
Step 1. Log in to the web configuration utility and choose Security > Mgmt Access Method > Profile Rules. The Profile Rules page opens:
Step 2. Check the check box that corresponds to the desired Access Profile Name and click Add to add a new profile rule. The Add Profile Rule window appears.
Step 3. (Optional) From the Access Profile Name drop-down list choose the access profile to which you would like to add a rule.
Step 4. Enter a value for the rule priority in the Rule Priority field. The rule priority matches packets with rules. Rules with lower priority are checked first. If a packet matches a rule the desired action is performed.
Step 5. Click the radio button that corresponds to the desired management method in the Management Method field. The access method used by the user must match the management method in order for the action to be performed.
Step 6. Click the radio button that corresponds to the desired action in the Action field.
• Permit — Permits the user to access the switch through the access method chosen in step 5.
• Deny — Denies the user access to the switch through the access method chosen in step 5.
Step 7. Click the radio button that corresponds to the desired interface in the Applies to Interface field.
• All — Applies to all ports, LAGs, and VLANs on the switch the above step 5 and step 6 rule.
• User Defined — Applies only to the chosen port, LAG, or VLAN on the switch the above step 5 and step 6 rule.
Step 8. If User Defined is chosen in the previous step, click the radio button that corresponds to the desired interface in the Interface field. Choose a port from the Unit/Slot and Port drop-down lists, a LAG from the LAG drop-down list, or a VLAN from the VLAN drop-down list accordingly.
Step 9. Click the radio button that corresponds to the desired IP address in the Applies to Source IP Address field.
• All — Applies to all types of IP addresses.
• User Defined — Only applies to the type of IP address that is defined in here to allow or deny from the above rules.
Timesaver: If All is chosen in step 9 skip to step 13.
Step 10. If User Defined is chosen, click the radio button that corresponds to the supported IP version in the IP Version field.
Step 11. Enter the source IP address in the IP Address field.
Step 12. Click the radio button that corresponds to the network mask in the Mask field.
• Network Mask — Enter the network mask in the Network Mask field. This will define the subnet mask for the source IP address.
• Prefix Length — Enter the prefix length (integer in the range of 0 to 32) in the Prefix length field. This will define the subnet mask by prefix length for the source IP address.
Step 13. Click Apply.
Step 14. (Optional) To edit the profile rules, check the desired access profile check box and click Edit.
Step 15. (Optional) To delete the access profile rule from the profile rule table, check the desired access profile check box and click Delete.